vulnerability
FreeBSD: VID-33ba2241-c68e-11ee-9ef3-001999f8d30b (CVE-2024-24821): Composer -- Code execution and possible privilege escalation
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | Feb 8, 2024 | Feb 9, 2024 | Dec 10, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
Feb 8, 2024
Added
Feb 9, 2024
Modified
Dec 10, 2025
Description
Copmposer reports: Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php. Several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. All Composer CLI commands are affected, including composer.phar's self-update.
Solutions
freebsd-upgrade-package-php81-composerfreebsd-upgrade-package-php82-composerfreebsd-upgrade-package-php83-composer
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.